package com.wy.filter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.wy.entity.User;
import com.wy.util.Constant;
import com.wy.util.security.CookieUtil;

/**
 * 权限判断过滤器
 * @author Administrator
 *
 */
public class AuthorityFilter implements Filter {

	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
			FilterChain chain) throws IOException, ServletException {
		
		/**
		 * cookie 是否存在标识
		 */
		boolean cookieExist = false;
		/**
		 * 权限验证是否通过标识：true->通过验证，请求通过；false->未通过验证，权限不够，请求未通过
		 */
		boolean pass = false;
		
		HttpServletRequest  request  = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		HttpSession session = request.getSession(true);
		
		String currentURL = request.getRequestURI();											//当前request请求路径:如/BootStrap_1/login.jsp 、/BootStrap_1/jsp/home.jsp
//		String targetURL  = currentURL.substring(currentURL.indexOf("/",0),currentURL.length());//请求的相对路径：如login.jsp 、jsp/home.jsp
		String loginPath  = request.getContextPath() + Constant.LOGIN_PAGE_PATH;				//登录页面绝对路径
//		String homePath   = request.getContextPath() + Constant.HOME_PAGE_PATH;					//登录成功后的首页
		String homeAction = request.getContextPath() + Constant.HOME;
		String notPassPath= request.getContextPath() + Constant.NO_SUCH_AUTHORITY;				//提示页面-权限验证失败

		//1.用户cookie是否存在
		User user = CookieUtil.validataUser(request);
		if(user != null){
			//cookie存在，将用户信息放入session
			session.setAttribute(Constant.USER_SESSION_KEY, user);
			cookieExist = true;
		}
		
		//2.获取session中的user
		Object suser = session.getAttribute(Constant.USER_SESSION_KEY);
		
		//3.当前请求是否为登录页面login.jsp
//		if(targetURL.equals(Constant.LOGIN_PAGE_PATH)){	//当前请求是login.jsp
		if(currentURL.endsWith(Constant.LOGIN_PAGE_PATH)){
			//session中cuser是否为null
			if(suser != null){
				//该cuser是否来自cookie
				if(!cookieExist){
					response.sendRedirect(homeAction);		//未记住密码，是当前已登录用户的请求,重定向到home页面
					return;
				}
			}
		}else{ 											//当前请求不是login.jsp
			//session中cuser是否为null
			if(suser != null){
				//不为空，进行权限验证操作
				pass = doAuthorityValidate((User)suser);
				//权限验证是否通过
				if(!pass){
					response.sendRedirect(notPassPath);		//权限验证未通过，重定向到提示页面
					return;
				}
			}else{
//				response.sendRedirect(loginPath);
				PrintWriter out = response.getWriter();		
				out.println("<html>");
				out.println("<script>");
//				out.println("window.open("+ loginPath +",_top)");	//单引号必须有！！
				out.println("window.open('"+ loginPath +"','_top')");
				out.println("</script>");
				out.println("</html>");
				return;
			}
		}
		
		chain.doFilter(request, response);
		
	}
	
	/**
	 * 用户权限验证
	 * @param user
	 * @return
	 */
	private boolean doAuthorityValidate(User user){
		//权限验证代码.....
		
		return true;
	}
	

	public void init(FilterConfig filterConfig) throws ServletException {

	}
	public void destroy() {
		
	}

}
